- From: Mikael Abrahamsson <swmike@swm.pp.se>
- Date: Mon, 24 Feb 2014 13:18:04 +0100 (CET)
- To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- cc: HTTP Working Group <ietf-http-wg@w3.org>
On Mon, 24 Feb 2014, Ilari Liusvaara wrote: > Doing encrypted caching... That would require client and server to > share state. Well, yes, but my thinking was that the key to decrypt this object could be shared over a control channel. If login is required to the site then only clients would get this key after login. > Encrypting arbitrary data in upstream direction is doable. Question is, > what can be encrypted without causing smuggling issues. I'd guess as soon as encryption is employed, smuggling is always possible. But if the proxy owner wants for instance to emply whitelists of what sites are allowed then hopefully this whitelist would only allow sites where smuggling is unlikely. > Such system does not necressarily have to modify upstream/downstream > data, just be able to reject requests. Well, it still needs to inspect the data so it still needs to decrypt it. I agree that it doesn't need to possibility of modifying it and delivering it to the client with proper encryption/signature, it just has to refuse to serve it. -- Mikael Abrahamsson email: swmike@swm.pp.se
Received on Monday, 24 February 2014 12:18:28 UTC